2020-04-12 20:05:28 +00:00
|
|
|
package settings
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2020-06-26 14:40:46 +00:00
|
|
|
"net"
|
2020-04-12 20:05:28 +00:00
|
|
|
"strings"
|
2020-05-05 18:00:56 +00:00
|
|
|
"time"
|
2020-04-12 20:05:28 +00:00
|
|
|
|
2021-01-02 18:31:39 +00:00
|
|
|
unboundmodels "github.com/qdm12/dns/pkg/models"
|
|
|
|
|
unbound "github.com/qdm12/dns/pkg/unbound"
|
2020-07-26 12:07:06 +00:00
|
|
|
"github.com/qdm12/gluetun/internal/params"
|
2020-04-12 20:05:28 +00:00
|
|
|
)
|
|
|
|
|
|
2020-10-20 02:45:28 +00:00
|
|
|
// DNS contains settings to configure Unbound for DNS over TLS operation.
|
2021-01-02 18:31:39 +00:00
|
|
|
type DNS struct { //nolint:maligned
|
|
|
|
|
Enabled bool
|
|
|
|
|
PlaintextAddress net.IP
|
|
|
|
|
KeepNameserver bool
|
|
|
|
|
BlockMalicious bool
|
|
|
|
|
BlockAds bool
|
|
|
|
|
BlockSurveillance bool
|
|
|
|
|
UpdatePeriod time.Duration
|
|
|
|
|
Unbound unboundmodels.Settings
|
2020-04-12 20:05:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d *DNS) String() string {
|
2020-06-26 14:40:46 +00:00
|
|
|
if !d.Enabled {
|
|
|
|
|
return fmt.Sprintf("DNS over TLS disabled, using plaintext DNS %s", d.PlaintextAddress)
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
blockMalicious, blockSurveillance, blockAds := disabled, disabled, disabled
|
2020-04-12 20:05:28 +00:00
|
|
|
if d.BlockMalicious {
|
|
|
|
|
blockMalicious = enabled
|
|
|
|
|
}
|
|
|
|
|
if d.BlockSurveillance {
|
|
|
|
|
blockSurveillance = enabled
|
|
|
|
|
}
|
|
|
|
|
if d.BlockAds {
|
|
|
|
|
blockAds = enabled
|
|
|
|
|
}
|
2020-05-05 22:02:23 +00:00
|
|
|
update := "deactivated"
|
|
|
|
|
if d.UpdatePeriod > 0 {
|
|
|
|
|
update = fmt.Sprintf("every %s", d.UpdatePeriod)
|
|
|
|
|
}
|
2020-07-11 23:51:53 +00:00
|
|
|
keepNameserver := "no"
|
|
|
|
|
if d.KeepNameserver {
|
|
|
|
|
keepNameserver = "yes"
|
|
|
|
|
}
|
2020-04-12 20:05:28 +00:00
|
|
|
settingsList := []string{
|
2021-01-02 18:31:39 +00:00
|
|
|
"DNS settings:",
|
2020-04-12 20:05:28 +00:00
|
|
|
"Block malicious: " + blockMalicious,
|
|
|
|
|
"Block surveillance: " + blockSurveillance,
|
|
|
|
|
"Block ads: " + blockAds,
|
2020-05-05 22:02:23 +00:00
|
|
|
"Update: " + update,
|
2020-07-11 23:51:53 +00:00
|
|
|
"Keep nameserver (disabled blocking): " + keepNameserver,
|
2021-01-02 18:31:39 +00:00
|
|
|
"Unbound settings: " + "\n |--" + strings.Join(d.Unbound.Lines(), "\n |--"),
|
2020-04-12 20:05:28 +00:00
|
|
|
}
|
|
|
|
|
return strings.Join(settingsList, "\n |--")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetDNSSettings obtains DNS over TLS settings from environment variables using the params package.
|
|
|
|
|
func GetDNSSettings(paramsReader params.Reader) (settings DNS, err error) {
|
|
|
|
|
settings.Enabled, err = paramsReader.GetDNSOverTLS()
|
2020-06-26 14:40:46 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
|
|
|
|
|
// Plain DNS settings
|
|
|
|
|
settings.PlaintextAddress, err = paramsReader.GetDNSPlaintext()
|
|
|
|
|
if err != nil {
|
2020-04-12 20:05:28 +00:00
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.KeepNameserver, err = paramsReader.GetDNSKeepNameserver()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
|
|
|
|
|
// DNS over TLS external settings
|
|
|
|
|
settings.BlockMalicious, err = paramsReader.GetDNSMaliciousBlocking()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.BlockSurveillance, err = paramsReader.GetDNSSurveillanceBlocking()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.BlockAds, err = paramsReader.GetDNSAdsBlocking()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.UpdatePeriod, err = paramsReader.GetDNSUpdatePeriod()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
|
|
|
|
|
// Unbound specific settings
|
|
|
|
|
settings.Unbound, err = getUnboundSettings(paramsReader)
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
|
|
|
|
|
// Consistency check
|
|
|
|
|
IPv6Support := false
|
|
|
|
|
for _, provider := range settings.Unbound.Providers {
|
|
|
|
|
providerData, ok := unbound.GetProviderData(provider)
|
|
|
|
|
switch {
|
|
|
|
|
case !ok:
|
|
|
|
|
return settings, fmt.Errorf("DNS provider %q does not have associated data", provider)
|
|
|
|
|
case providerData.SupportsTLS:
|
|
|
|
|
return settings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
|
|
|
|
|
case providerData.SupportsIPv6:
|
|
|
|
|
IPv6Support = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if settings.Unbound.IPv6 && !IPv6Support {
|
|
|
|
|
return settings, fmt.Errorf("None of the DNS over TLS provider(s) set support IPv6")
|
|
|
|
|
}
|
|
|
|
|
return settings, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getUnboundSettings(reader params.Reader) (settings unboundmodels.Settings, err error) {
|
|
|
|
|
settings.Providers, err = reader.GetDNSOverTLSProviders()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.ListeningPort = 53
|
|
|
|
|
settings.Caching, err = reader.GetDNSOverTLSCaching()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.IPv4 = true
|
|
|
|
|
settings.IPv6, err = reader.GetDNSOverTLSIPv6()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.VerbosityLevel, err = reader.GetDNSOverTLSVerbosity()
|
2020-04-26 13:28:14 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.VerbosityDetailsLevel, err = reader.GetDNSOverTLSVerbosityDetails()
|
2020-04-12 20:05:28 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.ValidationLogLevel, err = reader.GetDNSOverTLSValidationLogLevel()
|
2020-05-05 18:00:56 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.BlockedHostnames = []string{}
|
|
|
|
|
settings.BlockedIPs, err = reader.GetDNSOverTLSPrivateAddresses()
|
2020-07-11 23:51:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
|
|
|
|
}
|
2021-01-02 18:31:39 +00:00
|
|
|
settings.AllowedHostnames, err = reader.GetDNSUnblockedHostnames()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return settings, err
|
2020-04-12 20:05:28 +00:00
|
|
|
}
|
|
|
|
|
return settings, nil
|
|
|
|
|
}
|
